
Slow and Buggy Computer


  • This topic is locked
2 replies to this topic

#1 wallred10


Posted 26 October 2009 - 02:07 AM

I am currently living in China and have been trying a few internet proxies to allow me to get past the Great Firewall. Unfortunately, it seems I have picked up some malware in the process as my computer has been having some problems lately and has been much slower than normal. I have tried to uninstall all the proxies except for Hotspot Shield and the Tor Vidalia bundle.

In addition to the slowness, I get a popup upon startup from C:\WINDOWS\system32\cmd.exe that opens and runs for about 30-60 seconds before quickly exiting. The following is what it says at first, but I can't catch the output as the window exits too quickly.

Starting Domain domain1, please wait.
Default Log location is C:\Sun\SDK\domains\domain1\logs\server.log.
Redirecting output to C:/Sun/SDK/domains/domain1/logs/server.log

I have gone through all the steps listed on this forum to do before making a post, but none of them seems to solve any of the problems or speed things up. I can't seem to find a particular virus or malware that is causing the problem either. Some of the automatic analyzers for HijackThis logs online recommended that I delete some of the listings, but honestly I don't know about this stuff and don't want to delete something unless I know for sure it is causing some problems. I would appreciate any help that you can provide. Thanks a million!

My DDS Log and RootRepeal Log:


DDS (Ver_09-10-26.01) - NTFSx86
Run by wesley at 14:19:00.50 on 10/26/2009 Mon
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1022.73 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Sun\SDK\lib\appservService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sinfor\SSL\Promote\SinforPromoteService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Sun\SDK\jdk\bin\java.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\sybase\ASE-12_0\bin\sqlsrvr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\TwinCAT\EventLogger\TcEventLogger.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\wesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wesley\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SinforIEBHO Class: {5fd2fd1f-c991-4a2f-8557-cdb11e271414} - c:\program files\sinfor\ssl\clientcomponent\SinforBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SSOClientBHO Class: {e39b98a8-34a7-4d92-a979-920c48811412} - c:\program files\sinfor\ssl\clientcomponent\SSOClientPrj.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\wesley\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Google IME Autoupdater] "c:\program files\google\google pinyin\GooglePinyinDaemon.exe"
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\sinfor\ssl\clientcomponent\ProxyIE.dll
Trusted Zone: 95599.cn\easyabc
Trusted Zone: 95599.cn\www
Trusted Zone: 95599.sh.cn\ebank
Trusted Zone: 95599.sh.cn\www
Trusted Zone: abchina.com\www
DPF: {250587D2-6704-4479-8718-3C7E163B1413} - hxxps://60.8.49.157/com/CSClientManagerPrj.CAB
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {66F598AE-00A7-4ED1-9776-920E2D9C689F} = 192.168.100.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wesley\applic~1\mozilla\firefox\profiles\7wkllbfu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\wesley\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\wesley\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-22 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-22 360584]
R2 AppServer9PE;SunJavaSystemAppserver9PE;c:\sun\sdk\lib\appservservice.exe "\"c:\sun\sdk\bin\asadmin.bat\" start-domain --user admin domain1" "\"c:\sun\sdk\bin\asadmin.bat\" stop-domain domain1\" --> c:\sun\sdk\lib\appservservice.exe \c:\sun\sdk\bin\asadmin.bat\ [?]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-22 285392]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-10-2 331824]
R2 SinforSP;SinforSP;c:\program files\sinfor\ssl\promote\SinforPromoteService.exe [2008-11-12 91464]
R2 SYBSQL_PSDBSRV;Sybase SQLServer _ PSDBSRV;c:\sybase\ase-12_0\bin\sqlsrvr.exe -spsdbsrv -c --> c:\sybase\ase-12_0\bin\sqlsrvr.exe -sPSDBSRV -C [?]
R2 TcEventLogger;TcEventLogger;c:\twincat\eventlogger\TcEventLogger.exe [2009-6-3 237644]
R2 TcRouter;TwinCAT Router Server;c:\twincat\driver\TCRouter.sys [2009-6-3 186880]
R3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2008-7-13 6656]
R3 SinforVnic;SINFOR SSL VPN CS Support System VNIC;c:\windows\system32\drivers\SinforVnic.sys [2007-3-10 33168]
R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [2009-10-2 32768]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-10-2 57640]
S3 SYBXPS_PSDBSRV_XP;Sybase XPServer _ PSDBSRV_XP;c:\sybase\ase-12_0\bin\xpserver.exe -spsdbsrv_xp -c --> c:\sybase\ase-12_0\bin\xpserver.exe -SPSDBSRV_XP -C [?]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-23 25216]
S3 TcIo;TwinCAT IO Server;c:\twincat\driver\TcIo.sys [2009-6-3 1123840]
S3 TcPlc;TwinCAT IEC1131 Server;c:\twincat\driver\TcPlc.sys [2009-6-3 313856]
S3 TcRTime;TwinCAT Realtime Server;c:\twincat\driver\TCRtime.sys [2009-6-3 136704]
S4 TwinCAT System Service;TwinCAT System Service;c:\twincat\TCATSysSrv.exe [2009-6-3 618556]

=============== Created Last 30 ================

2009-10-26 05:29:48 0 d-----w- c:\program files\Trend Micro
2009-10-23 09:10:06 2891 ----a-w- c:\documents and settings\wesley\.recently-used.xbel
2009-10-23 04:53:49 0 d-----w- C:\Hotspot Shield
2009-10-23 04:53:18 0 d-----w- c:\program files\Hotspot Shield
2009-10-22 06:27:20 0 d-----w- c:\docume~1\wesley\applic~1\WinPatrol
2009-10-22 06:24:54 0 d-----w- c:\program files\BillP Studios
2009-10-22 05:52:25 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-10-22 05:43:41 0 d-----w- c:\docume~1\wesley\applic~1\wsInspector
2009-10-22 04:07:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-22 04:07:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-22 03:49:49 0 d--h--w- C:\$AVG
2009-10-22 03:49:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-22 03:49:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-22 03:49:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-22 03:49:20 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-22 03:48:29 0 d-----w- c:\windows\SxsCaPendDel
2009-10-22 03:42:41 0 d-----w- c:\program files\AVG
2009-10-22 03:42:12 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-22 03:00:52 0 d-----w- c:\program files\Pidgin
2009-10-22 02:13:22 0 d-----w- c:\program files\Startup Inspector for Windows
2009-10-22 02:06:14 0 d-----w- c:\program files\CCleaner
2009-10-16 23:25:09 0 d-----w- c:\windows\SQLTools9_KB970892_ENU
2009-10-16 23:20:12 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-15 03:00:43 0 d-----w- C:\resource
2009-10-15 03:00:43 0 d-----w- C:\graph
2009-10-15 03:00:27 0 d-----w- C:\dll
2009-10-15 03:00:03 0 d-----w- C:\bin
2009-10-15 02:56:34 15829864 ----a-w- C:\ps6000-yunda.rar
2009-10-12 13:15:54 0 d-----w- c:\docume~1\wesley\applic~1\ZoomBrowser EX
2009-10-12 12:59:20 0 d-----w- c:\docume~1\wesley\applic~1\CameraWindowDC
2009-10-12 12:59:18 0 d-----w- c:\docume~1\wesley\applic~1\CANON INC
2009-10-12 12:43:11 0 d-----w- c:\docume~1\wesley\applic~1\FastStone
2009-10-12 12:42:45 0 d-----w- c:\program files\FastStone Image Viewer
2009-10-12 12:35:25 0 d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2009-10-12 12:35:00 0 d-----w- c:\program files\Canon
2009-10-12 12:33:40 0 d-----w- c:\program files\common files\Canon
2009-10-01 23:41:44 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-10-01 23:41:44 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-30 05:04:59 0 d-----w- c:\docume~1\wesley\applic~1\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-09-30 05:04:30 0 d-----w- c:\program files\DIRECTV
2009-09-29 02:20:02 0 d-----w- c:\docume~1\wesley\applic~1\tor
2009-09-29 02:19:37 0 d-----w- c:\program files\Vidalia Bundle
2009-09-29 01:27:24 14863448 ----a-w- c:\docume~1\alluse~1\applic~1\JonDoFox.paf.exe
2009-09-26 09:49:27 0 d-----w- c:\documents and settings\wesley\.thumbnails
2009-09-26 09:47:32 0 d-----w- c:\documents and settings\wesley\.gimp-2.6

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 11:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-03-09 19:48:24 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030220090309\index.dat
2009-03-09 19:48:24 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030920090310\index.dat

============= FINISH: 14:19:26.85 ===============
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/26 14:21
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000059
Image Path: \Driver\00000059
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4905000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BEE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9840000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\wesley\local settings\temp\etilqs_cp8veeyfhukbva8ijbgq
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\wesley\local settings\temp\etilqs_ujslayzadpnyvjraqsxy
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_264.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "sptd.sys" at address 0xf74b8b3a

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf74b8c7e

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf74b8ff6

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf74b8a18

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf74b90c0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf74b8f58

#: 247 Function Name: NtSetValueKey
Status: Hooked by "sptd.sys" at address 0xf74b9148

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86d899c0 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x86c12988 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_CREATE]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_CLOSE]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_READ]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_WRITE]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_CLEANUP]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: Udfsࠅ瑎䙦ࠁః獐崐Ā, IRP_MJ_PNP]
Process: System Address: 0x86ba4400 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]
Process: System Address: 0x869d5eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]
Process: System Address: 0x869d5eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869d5eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869d5eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]
Process: System Address: 0x869d5eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869d5eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]
Process: System Address: 0x869d5eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86aed860 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x86d89c78 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86d890e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86ab11e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86ab11e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ab11e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ab11e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86ab11e8 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86ab11e8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86bbca98 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_CREATE]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_CLOSE]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_READ]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_WRITE]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_CLEANUP]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs؅ఈ浗灩, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_CREATE]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_CLOSE]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_READ]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_WRITE]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_CLEANUP]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: Msfsࠅఆ奓䅓$, IRP_MJ_SET_SECURITY]
Process: System Address: 0x866ce4b0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_CREATE]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_CLOSE]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_READ]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_SHUTDOWN]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_CLEANUP]
Process: System Address: 0x869b32e0 Size: 15

Object: Hidden Code [Driver: CdfsЅఄ扏济KnownDllsぃ1, IRP_MJ_PNP]
Process: System Address: 0x869b32e0 Size: 15

==EOF==
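The "Hidden Code" entries in the log above are easier to triage once grouped: every listed IRP_MJ major function of Rdbss resolves to one address, every one of MRxSmb to another, and likewise for Npfs, Msfs and Cdfs. The script below is an added example, not part of the original post and not GMER's own code. It parses GMER's two-line "Hidden Code" layout, trims the non-ASCII tails that the driver names carry in the log so entries for one driver group together, and reports (a) drivers whose every reported handler points at a single address and (b) any address shared by more than one driver. SAMPLE_LOG is constructed: the Rdbss and Npfs lines follow the shape of the entries above, while the Fastfat lines are invented here as a contrast case (two handlers, two different targets, one of them shared with Rdbss).

```python
import re
from collections import defaultdict

# Constructed sample in the two-line layout GMER uses for "Hidden Code"
# dispatch-table findings. Rdbss/Npfs lines mirror the shape of the log
# above; the Fastfat lines are invented as a contrast case.
SAMPLE_LOG = """\
Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x86bbf640 Size: 15

Object: Hidden Code [Driver: Npfs\u0605\u0c08\u6d57\u7069, IRP_MJ_CREATE]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Npfs\u0605\u0c08\u6d57\u7069, IRP_MJ_CLOSE]
Process: System Address: 0x86678b30 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86111000 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86bbf640 Size: 15

==EOF==
"""

OBJECT_RE = re.compile(
    r"^Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_[A-Z_]+)\]\s*$"
)
DETAIL_RE = re.compile(
    r"^Process: (?P<process>\S+)\s+Address: (?P<addr>0x[0-9A-Fa-f]+)\s+Size: (?P<size>\d+)\s*$"
)


def clean_driver_name(raw):
    """Keep the leading ASCII identifier. The driver names in the log above
    carry non-ASCII tails after the real name (e.g. 'Npfs' plus junk), and
    all entries for one driver should group under one key."""
    m = re.match(r"[A-Za-z0-9_.\-]+", raw)
    return m.group(0) if m else raw


def parse_hidden_code(text):
    """Return one dict per 'Hidden Code' finding (Object line + Process line)."""
    entries = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = OBJECT_RE.match(lines[i])
        if m and i + 1 < len(lines):
            d = DETAIL_RE.match(lines[i + 1])
            if d:
                entries.append({
                    "driver": clean_driver_name(m.group("driver")),
                    "driver_raw": m.group("driver"),
                    "irp": m.group("irp"),
                    "process": d.group("process"),
                    "address": int(d.group("addr"), 16),
                    "size": int(d.group("size")),
                })
                i += 2
                continue
        i += 1
    return entries


def group_by_driver(entries):
    """Map driver -> {'irps': [...], 'addresses': {...}}."""
    groups = defaultdict(lambda: {"irps": [], "addresses": set()})
    for e in entries:
        g = groups[e["driver"]]
        g["irps"].append(e["irp"])
        g["addresses"].add(e["address"])
    return dict(groups)


def single_target_drivers(entries):
    """Drivers whose every reported IRP_MJ handler resolves to one address.
    Many major functions with a single target is the shape of a wholesale
    dispatch-table replacement rather than a patch of one routine.
    Returns {driver: (address, hook_count)}."""
    result = {}
    for drv, g in group_by_driver(entries).items():
        if len(g["addresses"]) == 1 and len(g["irps"]) > 1:
            result[drv] = (next(iter(g["addresses"])), len(g["irps"]))
    return result


def shared_targets(entries):
    """Addresses that handlers of more than one driver point to."""
    by_addr = defaultdict(set)
    for e in entries:
        by_addr[e["address"]].add(e["driver"])
    return {a: drvs for a, drvs in by_addr.items() if len(drvs) > 1}


def report(entries):
    """Triage summary as a list of lines (returned, not printed, so it can be checked)."""
    lines = []
    for drv, (addr, n) in sorted(single_target_drivers(entries).items()):
        lines.append(f"{drv}: {n} IRP_MJ handlers -> 0x{addr:08x}")
    for addr, drvs in sorted(shared_targets(entries).items()):
        lines.append(f"0x{addr:08x} shared by: {', '.join(sorted(drvs))}")
    return lines


if __name__ == "__main__":
    for line in report(parse_hidden_code(SAMPLE_LOG)):
        print(line)
```

Run it over a saved GMER log by replacing SAMPLE_LOG with the file's contents. A single target for every major function of a driver, repeated across unrelated file-system drivers as in the log above, is the first thing to check, but it is not proof of malware by itself: some legitimate security products hook dispatch tables the same way, so confirm whether each target address falls inside a known, signed driver image before acting on it.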

#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:19 PM

Posted 01 November 2009 - 06:01 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:19 PM

Posted 05 November 2009 - 07:49 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

